They don't use cloud computing, so they are not in risk profile IV.
| System | Security | Continuity | Change management |
|---|---|---|---|
| Financial | Medium | Low | Medium |
| Logistic | Low | Low | Medium |
| Web sales | High | Medium | High |
| Risk | Risk impact | Control ID | Control |
|---|---|---|---|
| Changes that are not properly approved are moved into the production environment. | … | C04 | A procedure exists to ensure that system modifications are transported to the production environment only when validated by the process owner. |
| | | C05 | … |
| Without proper documentation, efficiency and accuracy of data may be compromised. | … | C06 | … |
| Risk | Risk impact | Control ID | Control |
|---|---|---|---|
| | | C03 | … |
| Users are not authenticated by the system and can make unauthorised changes to system, programs and data. | … | C04 | The user is required to enter a unique ID and password to authenticate on Windows. |
| | | C05 | Generic IDs are not used in Exact. |
| | | C06 | Password constraints are enforced within Windows. |
Firewall settings
| Risk | Risk impact | Control ID | Control |
|---|---|---|---|
| Unauthorised individuals from outside the company could gain access via the Internet to the organization's computer systems and access critical data or disrupt operations. | High | C01 | Firewall setup is documented. |
| Data cannot be restored from tape backup after a problem. | High | C04 | A restore procedure is available which includes: the process for how to restore; a restore procedure checklist. |
| In the event of a major computer malfunction or natural disaster, computer operations and critical business functions are not recovered properly in a timely manner. | High | C05 | A formal Disaster Recovery Plan is documented and applied consistently. It clearly details: DRP overview; server shutdown/restore order with location; operating the critical applications and data required for the DRP; providing workspace and required equipment; all contact info for decision makers. |
| | | C06 | Keep the DRP test plan current and sync it with business changes. It may require updates after changes in hardware, software or applications. |
Test to perform
…
…
Test to perform
…
…
…
…
Test to perform
Determine where all the Foil webservers are located and ensure that they are
located on a screened subnet in a DMZ, behind a firewall.
…
…
Test to perform
- Obtain the backup procedure and review its content for a clear description of when to make the copies, where to store them and on which medium.
- Watch the backup log files daily. That way you can follow them and become familiar with how they look when everything is working, so if things go wrong you are prepared to pinpoint the nature of the problem immediately.
- Clean the heads of the backup drive and check if the media is stored on a scratched part. Store on an alternative location when testing.
- Obtain the restore procedure and review its content for a clear description of how to restore and test it.
- Simulate a sample restore job at regular intervals (monthly or weekly, depending on the risk).
- Test the DR plan. Check the task plan chart and the timelines to validate the effectiveness of the current DRP.
- Simulate the conditions of an actual Disaster Recovery situation.
- Check the completeness of the disaster recovery information.
- Ensure the ability to recover the intended functions.